Home > Forefront TMG 2010 > Installing TMG on Windows Server 2008 R2 Core

Installing TMG on Windows Server 2008 R2 Core

December 1, 2010

Sounds like a great idea, right? I agree! If you found this post hoping to learn how to install Microsoft Forefront Threat Management Gateway (TMG) 2010 on Windows Server core, then I apologize for misleading you. Sadly, the reality is that TMG cannot be installed on any version of Windows Server core. It would seem to be a natural choice as the underlying operating system for the TMG firewall since it has fewer installed services, which reduces patching requirements and minimizes the attack surface. Unfortunately TMG has dependencies on roles and features, namely the Network Policy Server (NPS) and the Routing and Remote Access Service (RRAS) that are not available on Windows Server core installations.

Personally I love Windows Server core. Since I began working with computers many years before Windows arrived on the scene, I’m more than comfortable at the command line. I use Windows Server core in my virtual labs for infrastructure services such as domain controllers, DNS servers, and even certificate services (which is not trivial to get working correctly!). Having Windows Server core as the supporting operating system for a TMG firewall would be wonderful, however, in my discussions with the TMG development team it appears that updating TMG to run on Windows Server core would be a difficult (if not impossible) task. Given that there has been little demand for TMG on Windows Server core, I don’t expect this to be a supported configuration any time soon. If future versions of Windows Server core include support for NPS and RRAS (and why not, it would be a great idea!) then perhaps we’ll see TMG supported on Windows Server core in the future.

Categories: Forefront TMG 2010
  1. November 16, 2011 at 2:41 pm

    Thanks for the information. But is there a way to install TMG client on server core?
    I have a member server core in a domain and I had a GPO to install TMG client on member servers but the installation failed as it requires IE 5 or higher be installed on server core. Do you have a solution for this

  2. November 17, 2011 at 3:12 pm

    I don’t believe the Forefront TMG 2010 firewall client is supported on Server Core installations. It might be possible to get it to work, but I’ve never tried. If it does work, it isn’t likely to be supported I would guess.

  1. No trackbacks yet.
Comments are closed.